DETAILED ACTION

1. Claims 1-17 are pending.

Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs 
of 35 U.S.C. 102 that form the basis for the rejections under 
this section made in this Office action: 

A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or 
described in a printed publication in this or a foreign country, before the 
invention thereof by the applicant for a patent. 

3. Claims 1-2, 5-6, 10, 14-15, 17 are rejected under 35
U.S.C. 102(a) as being anticipated by "TCP/IP Tutorial and
Technical Overview" (hereinafter Kerberos).

As per claim 1, Kerberos discloses a system to control 
access from a client to a server, comprising: ticket granting 
server including a personal information database for obtaining, 
in response to a request from a client, personal information 
from the personal information database, for authenticating the 
personal information and for resultantly sending a ticket to the 
client (see pages 2-5 where the client name (c) is the personal
information); and an access control server including a server
policy defining an access allowance condition for requiring of
the access requesting client a ticket matching the server policy
and for allowing the client an access when the required ticket
is sent from the client (see pages 2-5).

As per claim 2, Kerberos discloses the access allowance 
condition includes necessary information, necessity/non- 
necessity of authorization of the information, and 
necessity/non-necessity of disclosure of the information (see 
pages 2-5 where necessary information is the client name and 
service name, which is also the authorization information which 
is disclosed to the ticket granting service).

As per claim 5, Kerberos discloses a method of controlling 
an access from a client, comprising the steps of: setting a 
server policy defining an access allowance condition; requiring 
of the access requesting client an authenticated ticket matching 
the server policy; and allowing the client an access when the 
required ticket is sent from the client (see pages 2-5).

As per claim 6, Kerberos discloses the access allowance 
condition includes necessary information, necessity/non- 
necessity of authorization of the information, and 
necessity/non-necessity of disclosure of the information (see 
pages 2-5 where necessary information is the client name and 
service name, which is also the authorization information which 
is disclosed to the ticket granting service).

As per claim 10, Kerberos discloses a server access method,
comprising the steps receiving from an access target server a 
server policy defining an access allowance condition; sending to 
a ticket granting server a ticket granting request together with 
the server policy; receiving from the ticket granting server a 
ticket including information which matches the server policy and 
which is authorized; and sending an access request to the access 
target server together with the ticket (see pages 2-5).

As per claim 14, Kerberos discloses a client, comprising:
means for receiving a server policy defining an access allowance
condition from an access target server; means for sending a
ticket granting request to a ticket granting server together
with the server policy; means for receiving from the ticket
granting server a ticket including information which matches the
server policy and which is authorized; and means for sending an
access request to the access target server together with the
ticket (see pages 2-5).

As per claim 15, Kerberos discloses a program for 
controlling an access from a client, said program including 
instructions for executing the steps of: sending, to a client 
requesting an access, a server policy to which an access 
allowance condition is beforehand set; and allowing the client
the access when a ticket matching the server policy is sent from
the client (see pages 2-5).

As per claim 17, Kerberos discloses a server access program 
including instructions for executing the steps of: receiving 
from an access target server a server policy defining an access 
allowance condition; sending to a ticket granting server a 
ticket granting request together with the server policy; 
receiving from the ticket granting server a ticket including 
information which matches the server policy and which is 
authenticated; and sending an access request to the access 
target server together with the ticket (see pages 2-5).

Claim Rejections - 35 USC § 103

4. The following is a quotation of 35 U.S.C. 103(a) which 
forms the basis for all obviousness rejections set forth in this 
Office action: 

(a) A patent may not be obtained though the invention is not identically 
disclosed or described as set forth in section 102 of this title, if the 
differences between the subject matter sought to be patented and the prior 
art are such that the subject matter as a whole would have been obvious at
the time the invention was made to a person having ordinary skill in the 
art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

5. Claims 3, 7-9, 13, 16 are rejected under 35 U.S.C. 103(a)
as being unpatentable over Kerberos and further in view of
Menezes et al ("Handbook of Applied Cryptography").

As per claim 3, the claim is rejected as applied to claim 1, but
Kerberos fails to disclose the use of a digital signature.

However, Menezes et al discloses the use of a digital 
signature (see page 22).

At the time of the invention it would have been obvious to 
a person of ordinary skill in the art to use Menezes et al's 
digital signature in Kerberos' ticket. 

Motivation to do so would have been to provide 
authentication, authorization and non-repudiation (see Menezes 
et al page 22).

As per claim 7, the modified Kerberos and Menezes et al
system discloses a personal information authentication method,
comprising the steps of: preparing a personal information
database including personal information; identifying, in
response to a request from a client, a person and authenticating
the person; obtaining requested information from the personal
information database corresponding to the identified and
authenticated person and describing the requested information on
a certificate (see Kerberos pages 2-5); putting a digital
signature on the certificate (see Menezes et al page 22); and
sending the certificate to the client (see Kerberos pages 2-5).

As per claim 8, the modified Kerberos and Menezes et al 
system discloses the request from the client includes necessary 
information, necessity/non-necessity of authorization of the
information, and necessity/non-necessity of disclosure of the
information (see Kerberos pages 2-5).

As per claim 9, the modified Kerberos and Menezes et al 
system discloses confirming, when it is not necessary to 
disclose the information requested by the client, information in 
the personal information database and describing none of 
contents of the information on the certificate (see Kerberos 
pages 2-5).

As per claim 13, the modified Kerberos and Menezes et al
system discloses a ticket granting server, comprising: a
personal information database including personal information;
means for identifying, in response to a request from a client, a
person and authenticating the person; means for obtaining
requested information corresponding to the identified and
authenticated person in the personal information database (see
Kerberos pages 2-5), putting a digital signature, and thereby
creating a ticket (see Menezes et al page 22); and means for
sending the ticket to the client (see Kerberos pages 2-5).

As per claim 16, the modified Kerberos and Menezes et al
system discloses a personal information authentication program 
including instructions for executing the steps of: identifying, 
in response to a request from a client, a person and 



Application/Control Number: 09/909,006 Page 8 

Art Unit: 2137

authenticating the person; obtaining requested information from 
information corresponding to the identified and authenticated 
person in a personal information database and describing the 
requested information on a certificate (see Kerberos pages 2-5);
putting a digital signature on the certificate (see Menezes et
al page 22); and sending the certificate to the client (see
Kerberos pages 2-5).

6. Claims 4, 11-12 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Kerberos and further in view of FOLDOC. 

As per claim 4, Kerberos discloses an access control method 
for use in a system including a client, a server, and a ticket 
granting server, comprising the steps of: server having a server 
access allowance condition a server policy defining an policy to 
a client having requested an access; obtaining by the ticket 
granting server, in response to request and the server policy 
sent from a client, personal information from a personal 
information database, authenticating the personal information, 
and resultantly sending a ticket to the client; sending by the 
client an access request with the ticket to the server; and 
allowing by the server the client the access when the ticket 
matches the server policy (see pages 2-5).

Kerberos fails to disclose the server being a www server
(web server).

However, FOLDOC discloses a web server (see FOLDOC).

At the time of the invention it would have been obvious to
a person of ordinary skill in the art to use FOLDOC's web server
as Kerberos' server.

Motivation to do so would have been to have the server be 
able to send out web pages (see FOLDOC).

As per claim 11, the modified Kerberos and FOLDOC system 
discloses an access control method for use in a system including 
a client, a www server, and a ticket granting server, comprising 
the steps of: by the ticket granting server, receiving a ticket 
granting request from the client and creating in response 
thereto a session key, obtaining personal information from a 
personal information database, and sending to the client the 
session key and an encrypted ticket including the session key 
and the personal information; by the client, creating an 
authenticator by encrypting an access request time using the 
session key received from the ticket granting server and sending 
to the www server an access request together with the encrypted 
ticket and the authenticator; and by the www server, decrypting 
the encrypted ticket to obtain a session key, decrypting the 
authenticator using the session key to obtain a time, verifying
the time, determining whether or not the ticket satisfies an
access allowance condition, and determining allowance or denial
of the access (see Kerberos pages 2-5 with www server from
FOLDOC).

As per claim 12, the modified Kerberos and FOLDOC system 
discloses a www server, comprising: means for setting a server 
policy defining an access allowance condition; means for sending 
the server policy to a client requesting an access; and means 
for allowing a client an access when a ticket matching the 
server policy is sent from the client (see Kerberos pages 2-5 
and FOLDOC).

Conclusion 

7. The prior art made of record and not relied upon is 
considered pertinent to applicant's disclosure. Linehan et al 
(U.S. 5,495,533) and Shambroom (U.S. 5,923,756) disclose access 
control using a ticket granting service. 

Any inquiry concerning this communication or earlier 
communications from the examiner should be directed to Michael 
Pyzocha whose telephone number is (571) 272-3875. The examiner 
can normally be reached on 7:00am - 4:30pm first Fridays of the 
bi-week off. 

If attempts to reach the examiner by telephone are 
unsuccessful, the examiner's supervisor, Andrew Caldwell, can be
reached on (571) 272-3868. The fax phone number for the
organization where this application or proceeding is assigned is
703-872-9306.

Information regarding the status of an application may be 
obtained from the Patent Application Information Retrieval 
(PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, 
see http://pair-direct.uspto.gov. Should you have questions on 
access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free).



MJP 




